[nsp-sec] Assistance in tracking a Command and Control (C2) server - obtaining a copy of the malware
Stephen Gill
gillsr at cymru.com
Sat Apr 4 12:15:26 EDT 2009
These are all the IPs I see talking to that C&C NOT on TCP 444 (they are all
high ports TCP):
Now these are all the IPs I see talking to that C&C on TCP 444:
On 4/3/09 5:19 PM, "Nicholas Ianelli" <ni at centergate.net> wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Team,
>
> It looks like the C2 server that is issuing a variety of DDoS commands
> across the net has moved from 89.149.233.194 (port 95/TCP) to
> 78.109.21.136 (port 444/TCP).
>
> 41665 | 78.109.21.136 | HOSTING-AS National Hosting Provider,
> Hosting.UA
>
> Bulk mode; peer-whois.cymru.com [2009-04-03 23:41:48 +0000]
> 9002 | 78.109.21.136 | RETN-AS ReTN.net Autonomous System
> 35320 | 78.109.21.136 | ETT-AS Eurotranstelecom
>
>
> I'm asking if you could please check flows to see if you have any
> customers talking to 78.109.21.136. We REALLY need to get our hands on
> the malware.
>
> We would really appreciate your assistance with this. I am more than
> happy to provide you with a telephone number that you can have your
> customers call me on, or partake in a conference call with a member of
> your organization and the customer.
>
> We REALLY need to get our hands on the malware, ANY assistance you can
> provide would be greatly appreciated.
>
> In addition, if you have any intel on malware that operates on port
> 95/TCP or 444/TCP I would love to get my hands on that as well.
>
> Cheers,
> Nick
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
>
> iEYEARECAAYFAknWp5AACgkQi10dJIBjZIC6bgCg5WP+JHCOrKjpQ3stxxZxdP8D
> HLwAn285o91ttcIlmD1ouQWxRFSPpYoj
> =WhlB
> -----END PGP SIGNATURE-----
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com